Use-After-Free Vulnerability in Linux Kernel Bluetooth Component
CVE-2025-39861
What is CVE-2025-39861?
A vulnerability in the Linux kernel's Bluetooth subsystem has been identified, where debugfs files are not properly removed during the vhci_release() function. This oversight leads to a potential use-after-free condition, as the associated vhci_data structure can be freed while the debugfs files remain accessible. If a user attempts to access these files after vhci_data has been released, it could result in unexpected behavior or system instability. The issue has been addressed by ensuring that the creation of debugfs files is moved into a dedicated function and appropriately removed before freeing associated data structures.
Affected Version(s)
Linux ab4e4380d4e158486e595013a2635190e07e28ce
Linux ab4e4380d4e158486e595013a2635190e07e28ce < 1503756fffe76d5aea2371a4b8dee20c3577bcfd
Linux ab4e4380d4e158486e595013a2635190e07e28ce < 7cc08f2f127b9a66f46ea918e34353811a7cb378